[ http://jira.jboss.com/jira/browse/JBAS-2895?page=all ]
Scott M Stark closed JBAS-2895.
-------------------------------
Resolution: Done
A new org.jboss.resource.security.PBEIdentityLoginModule has been added that extends the
SecureIdentityLoginModule to provide control over the masking password and cipher.
wiki info:
!! Configured Identity with Password Based Encryption
An extension to configured identity that uses a credential that is encrypted using a PBE
cipher.
Example login-module.xml entries are:
{{{
<application-policy name = "testPBEIdentityLoginModule">
  <authentication>
    <login-module code = "org.jboss.resource.security.PBEIdentityLoginModule"
                  flag = "required">
      <module-option name = "principal">sa</module-option>
      <module-option name = "userName">sa</module-option>
      <!--
      output from:
      org.jboss.resource.security.PBEIdentityLoginModule
      thesecret testPBEIdentityLoginModule abcdefgh 19 PBEWithMD5AndDES
      -->
      <module-option name = "password">3fp7R/7TMjyTTxhmePdJVk</module-option>
      <module-option name = "ignoreMissigingMCF">true</module-option>
      <module-option name = "pbealgo">PBEWithMD5AndDES</module-option>
      <module-option name = "pbepass">testPBEIdentityLoginModule</module-option>
      <module-option name = "salt">abcdefgh</module-option>
      <module-option name = "iterationCount">19</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
    </login-module>
  </authentication>
</application-policy>

<application-policy name = "testPBEIdentityLoginModuleTmpFilePassword">
  <authentication>
    <login-module code = "org.jboss.resource.security.PBEIdentityLoginModule"
                  flag = "required">
      <module-option name = "principal">sa</module-option>
      <module-option name = "userName">sa</module-option>
      <!--
      output from:
      org.jboss.resource.security.PBEIdentityLoginModule
      thesecret2 testPBEIdentityLoginModuleTmpFilePassword abcdefgh 19 PBEWithMD5AndDES
      -->
      <module-option name = "password">2zff525DS/OgTuWuJtHYHa</module-option>
      <module-option name = "ignoreMissigingMCF">true</module-option>
      <module-option name = "pbealgo">PBEWithMD5AndDES</module-option>
      <module-option name = "pbepass">{CLASS}org.jboss.security.plugins.TmpFilePassword:${java.io.tmpdir}/tmp.password,5000</module-option>
      <module-option name = "salt">abcdefgh</module-option>
      <module-option name = "iterationCount">19</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
    </login-module>
  </authentication>
</application-policy>
}}}
This uses password based encryption (PBE) with algorithm parameters derived from the pbealgo,
pbepass, salt and iterationCount options:
* pbealgo - the PBE algorithm to use. Defaults to PBEwithMD5andDES.
* pbepass - the PBE password to use. Can use the JaasSecurityDomain {CLASS}
and {EXT} syntax to obtain the password from outside of the configuration.
Defaults to "jaas is the way".
* salt - the PBE salt as a string. Defaults to {1, 7, 2, 9, 3, 11, 4, 13}.
* iterationCount - the PBE iteration count. Defaults to 37.
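As an added example (not part of this issue or of the JBoss module's own code), the Java program below masks and unmasks a datasource password with the pbealgo, pbepass, salt and iterationCount parameters described above. It uses standard Base64 for the text form, so the value it prints is not guaranteed to match the module's own encoding of the "password" option byte for byte.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

// Added illustration, not JBoss code: PBE masking of a configured-identity password.
public class PbePasswordMask {

    // Derive the PBE key from pbepass; the key never leaves this process.
    static SecretKey key(String pbealgo, char[] pbepass) throws Exception {
        return SecretKeyFactory.getInstance(pbealgo).generateSecret(new PBEKeySpec(pbepass));
    }

    // Encrypt the cleartext secret into the text form placed in the "password" option.
    // Standard Base64 is used here; the module's own encoder may differ.
    static String mask(String secret, String pbealgo, char[] pbepass, byte[] salt, int iterations)
            throws Exception {
        Cipher cipher = Cipher.getInstance(pbealgo);
        cipher.init(Cipher.ENCRYPT_MODE, key(pbealgo, pbepass), new PBEParameterSpec(salt, iterations));
        byte[] ciphertext = cipher.doFinal(secret.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().withoutPadding().encodeToString(ciphertext);
    }

    // What the login module has to do at startup: recover the secret from the same parameters.
    // Masking is reversible by design, so anyone who can read pbepass, salt and iterationCount
    // can recover the secret; that is why the second policy above moves pbepass out of the
    // configuration file with the {CLASS} TmpFilePassword syntax.
    static String unmask(String masked, String pbealgo, char[] pbepass, byte[] salt, int iterations)
            throws Exception {
        Cipher cipher = Cipher.getInstance(pbealgo);
        cipher.init(Cipher.DECRYPT_MODE, key(pbealgo, pbepass), new PBEParameterSpec(salt, iterations));
        return new String(cipher.doFinal(Base64.getDecoder().decode(masked)), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Same inputs as the first policy above. PBEWithMD5AndDES requires an 8-byte salt.
        String pbealgo = "PBEWithMD5AndDES";
        char[] pbepass = "testPBEIdentityLoginModule".toCharArray();
        byte[] salt = "abcdefgh".getBytes(StandardCharsets.US_ASCII);
        int iterations = 19;
        String masked = mask("thesecret", pbealgo, pbepass, salt, iterations);
        String recovered = unmask(masked, pbealgo, pbepass, salt, iterations);
        if (!"thesecret".equals(recovered)) throw new IllegalStateException("round trip failed");
        System.out.println("password module-option value: " + masked);
    }
}
```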
Extend SecureIdentityLoginModule to externalize the secret
----------------------------------------------------------
Key: JBAS-2895
URL: http://jira.jboss.com/jira/browse/JBAS-2895
Project: JBoss Application Server
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: JCA service, Security
Affects Versions: JBossAS-4.0.3 SP1, JBossAS-3.2.8 Final
Reporter: Scott M Stark
Assigned To: Scott M Stark
Fix For: JBossAS-4.2.0.CR1
The SecureIdentityLoginModule is a simple security by obscurity approach to hiding the
jca password. Having the secret used by the PBE externalized with an ability to hash it
reversibly would make this more flexible.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira